Last updated: 2023-02-02
Getting the currently authenticated user in Spring Boot
Did you know that you can save days or weeks of development time when starting new Spring Boot apps? br With Bootify you have the right helper at your side - get a runnable prototype in minutes and focus on your business logic instead. Best practices included.
Discover more
After our application has been protected using Spring Security, we have sections that are only accessible for authenticated users. For example, this could be a MyAccount area or a REST endpoint for retrieving the current user's stored addresses. How can we get the JPA entity of the current user in this context?
Frontend controller accessible only for ROLE_USER
The Spring Security Authentication object is accessible directly from the static context. To get the current JPA entity from the database we can create or extend a UserService and add the getAuthenticatedUser method.
Extension of the UserService to get the JPA entity
HttpUserDetails is an extension of the Spring Security class org.springframework.security.core.userdetails.User so the users primary key is also available - which we use here for reading the actual User entity from the database. An authenticated user is always expected to be present.
Adding a utility class with isLoggedIn
Another utility class may come handy if we have areas in our application that are accessible by both authenticated and anonymous users. In this case the UserUtils.isLoggedIn() check should come first before trying to call getAuthenticatedUser(). As our AccountController was already restricted, this is not required and we can simply complete our call.
New method call to load the addresses
This extension allows the AddressService to provide the addresses of the currently authenticated user.
